[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6589) Patch - Mozilla NSS - support use of self signed CA certs as server certs

To: openldap-its@OpenLDAP.org
Subject: (ITS#6589) Patch - Mozilla NSS - support use of self signed CA certs as server certs
From: rmeggins@redhat.com
Date: Wed, 14 Jul 2010 17:56:54 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Rich Megginson
Version: 2.4.23
OS: Fedora
URL: ftp://ftp.openldap.org/incoming/openldap-2.4.23-selfsignedcacert-20100714.patch
Submission from: (NULL) (76.113.111.209)


MozNSS doesn't like self-signed CA certs that are also used for 
TLS/SSL server certs (such as generated by openssl req -x509)
CERT_VerifyCertificateNow returns SEC_ERROR_UNTRUSTED_ISSUER in that case
so, see if the cert and issuer are the same cert, and allow the
use of it (with a warning)

This patch file is derived from OpenLDAP Software. All of the 
modifications to OpenLDAP Software represented in the following 
patch(es) were developed by Red Hat. Red Hat has not assigned rights 
and/or interest in this work to any party. I, Rich Megginson am 
authorized by Red Hat, my employer, to release this work under the 
following terms.

Red Hat hereby place the following modifications to OpenLDAP Software 
(and only these modifications) into the public domain. Hence, these 
modifications may be freely used and/or redistributed for any purpose 
with or without attribution and/or other notice.

Prev by Date: Re: (ITS#6588) Change log not up to date on www.openldap.org
Next by Date: Re: (ITS#6589) Patch - Mozilla NSS - support use of self signed CA certs as server certs
Index(es):
- Chronological
- Thread